Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [Roy Schestowitz cannot stop lying] [Rival] Another Major Site Runs Windows, Serves All Visitors with Malware After PWNAGE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 13 Nov 2007 00:01:37 -0600,
 Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> On Mon, 12 Nov 2007 17:39:00 -0800, Jim Richardson wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On Mon, 12 Nov 2007 18:59:10 -0600,
>>  Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>>> On Mon, 12 Nov 2007 14:29:52 -0800, Jim Richardson wrote:
>>>
>>>> Since in.indiatimes.com is an akamai host, you can't trust that the
>>>> headers you get from that are the same ones that the origin site sent
>>>> out. Without knowing what the origin site's IP/hostname is, you can't
>>>> get the raw headers, so all your stuff above, is a waste of typing,
>>>> since Akamai can, and does, mess with the headers. 
>>>
>>> So then claiming that's it's a Windows server is just as suspect.
>> 
>> there is evidence that it's a Windows server, as much evidence as
>> www.msn.com offers anyway :)
>
> Uh.. what?
>
> http://toolbar.netcraft.com/site_report?url=http://www.msn.com
>
>>>> Could it all be running on Linux? it's possible, have you proven it? or
>>>> even offered compelling evidence? no. 
>>>
>>> And a mere server header is compelling evidence?
>> 
>> Now that you've been shown your header analysis was faulty, you suddenly
>> want to dismiss headers as evidence? 
>
> I dismissed it to begin with because the server header can be easily
> changed.  Header order cannot be easily changed.
>

Yes it can. Quite easily. It's called a *proxy* for a reason. You can
cut out headers, and reinsert them in any order (including invalid for
the format ones) So don't pull that crap, I have the F5s at work, it's a
few lines of TCL in an iRule and you're done. 

>> It's compelling that it claims to be IIS. Since it's coming through
>> Akamai, it *could* be anything. Is it Linux? I doubt it, but if you have
>> some evidence, instead of your misdirection and poor understanding of
>> headers and how a caching proxy handles them, bring it on. 
>
> And once again, the CMS used on the site doesn't use IIS.  It uses apache.
> The fact that it says IIS is indicitive that the server header has been
> changed.

No, you claim the .cms tag must mean it uses Apache, your claim is
unproven.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHOWVmd90bcYOAWPYRAgT2AKDGFahWJpfOyyG42MMmWogzJism0gCfQ0Ze
me6piirszTa/CjHoiodTaSI=
=9T5N
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
im in ur $HOME, viewing ur pr0n

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index